1. 13 Sep, 2018 1 commit
  2. 12 Jul, 2018 1 commit
  3. 10 Jul, 2018 2 commits
  4. 11 May, 2018 1 commit
  5. 13 Apr, 2018 1 commit
  6. 03 Mar, 2018 1 commit
  7. 15 Feb, 2018 1 commit
      Remove UNICOS support. · ddc0f381
      Darren Tucker authored
      The code required to support it is quite invasive to the mainline
      code that is synced with upstream and is an ongoing maintenance burden.
      Both the hardware and software are literal museum pieces these days and
      we could not find anyone still running OpenSSH on one.
  8. 23 Jan, 2018 2 commits
      one SSH_BUG_BANNER instance that got away · 552ea155
      Damien Miller authored
      upstream commit · 14b5c635
      djm@openbsd.org authored
      Drop compatibility hacks for some ancient SSH
      implementations, including ssh.com <=2.* and OpenSSH <= 3.*.
      These versions were all released in or before 2001 and predate the
      final SSH RFCs. The hacks in question aren't necessary for RFC-
      compliant SSH implementations.
      ok markus@
      OpenBSD-Commit-ID: 4be81c67db57647f907f4e881fb9341448606138
  9. 24 Jun, 2017 1 commit
      upstream commit · 8f574959
      djm@openbsd.org authored
      refactor authentication logging
      optionally record successful auth methods and public credentials
      used in a file accessible to user sessions
      feedback and ok markus@
      Upstream-ID: 090b93036967015717b9a54fd0467875ae9d32fb
  10. 01 Jun, 2017 1 commit
      upstream commit · 92e9fe63
      markus@openbsd.org authored
      remove now obsolete ctx from ssh_dispatch_run; ok djm@
      Upstream-ID: 9870aabf7f4d71660c31fda91b942b19a8e68d29
  11. 31 May, 2017 4 commits
      upstream commit · 17ad5b34
      markus@openbsd.org authored
      use the ssh_dispatch_run_fatal variant
      Upstream-ID: 28c5b364e37c755d1b22652b8cd6735a05c625d8
      upstream commit · eb272ea4
      markus@openbsd.org authored
      switch auth2 to ssh_dispatch API; ok djm@
      Upstream-ID: a752ca19e2782900dd83060b5c6344008106215f
      upstream commit · 2ae666a8
      markus@openbsd.org authored
      protocol handlers all get struct ssh passed; ok djm@
      Upstream-ID: 0ca9ea2a5d01a6d2ded94c5024456a930c5bfb5d
      upstream commit · 5f4082d8
      markus@openbsd.org authored
      sshd: pass struct ssh to auth functions; ok djm@
      Upstream-ID: b00a80c3460884ebcdd14ef550154c761aebe488
  12. 03 Feb, 2017 1 commit
      upstream commit · f1a19346
      djm@openbsd.org authored
      use ssh_packet_set_log_preamble() to include connection
      username in packet log messages, e.g.
      Connection closed by invalid user foo port 44056 [preauth]
      ok markus@ bz#113
      Upstream-ID: 3591b88bdb5416d6066fb3d49d8fff2375bf1a15
  13. 02 May, 2016 1 commit
      upstream commit · 1a31d02b
      djm@openbsd.org authored
      fix signed/unsigned errors reported by clang-3.7; add
      sshbuf_dup_string() to replace a common idiom of strdup(sshbuf_ptr()) with
      better safety checking; feedback and ok markus@
      Upstream-ID: 71f926d9bb3f1efed51319a6daf37e93d57c8820
  14. 19 Jan, 2015 1 commit
  15. 22 Dec, 2014 1 commit
      upstream commit · 161cf419
      djm@openbsd.org authored
      make internal handling of filename arguments of "none"
      more consistent with ssh. "none" arguments are now replaced with NULL when
      the configuration is finalised.
      Simplifies checking later on (just need to test not-NULL rather than
      that + strcmp) and cleans up some inconsistencies. ok markus@
  16. 21 Dec, 2014 1 commit
      upstream commit · 058f839f
      djm@openbsd.org authored
      don't count partial authentication success as a failure
      against MaxAuthTries; ok deraadt@
  17. 18 Jul, 2014 1 commit
      - millert@cvs.openbsd.org 2014/07/15 15:54:14 · 7acefbbc
      Damien Miller authored
           [PROTOCOL auth-options.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
           [auth-rsa.c auth.c auth1.c auth2-hostbased.c auth2-kbdint.c auth2-none.c]
           [auth2-passwd.c auth2-pubkey.c auth2.c canohost.c channels.c channels.h]
           [clientloop.c misc.c misc.h monitor.c mux.c packet.c readconf.c]
           [readconf.h servconf.c servconf.h serverloop.c session.c ssh-agent.c]
           [ssh.c ssh_config.5 sshconnect.c sshconnect1.c sshconnect2.c sshd.c]
           [sshd_config.5 sshlogin.c]
           Add support for Unix domain socket forwarding.  A remote TCP port
           may be forwarded to a local Unix domain socket and vice versa or
           both ends may be a Unix domain socket.  This is a reimplementation
           of the streamlocal patches by William Ahern from:
           OK djm@ markus@
  18. 03 Jul, 2014 1 commit
      - djm@cvs.openbsd.org 2014/07/03 11:16:55 · 686feb56
      Damien Miller authored
           [auth.c auth.h auth1.c auth2.c]
           make the "Too many authentication failures" message include the
           user, source address, port and protocol in a format similar to the
           authentication success / failure messages; bz#2199, ok dtucker
  19. 04 Feb, 2014 1 commit
      - djm@cvs.openbsd.org 2014/01/29 06:18:35 · 7cc194f7
      Damien Miller authored
           [Makefile.in auth.h auth2-jpake.c auth2.c jpake.c jpake.h monitor.c]
           [monitor.h monitor_wrap.c monitor_wrap.h readconf.c readconf.h]
           [schnorr.c schnorr.h servconf.c servconf.h ssh2.h sshconnect2.c]
           remove experimental, never-enabled JPAKE code; ok markus@
  20. 01 Jun, 2013 2 commits
      - djm@cvs.openbsd.org 2013/05/19 02:42:42 · 0acca379
      Darren Tucker authored
           [auth.h auth.c key.c monitor.c auth-rsa.c auth2.c auth1.c key.h]
           Standardise logging of supplemental information during userauth. Keys
           and ruser are now logged in the auth success/failure message alongside
           the local username, remote host/port and protocol in use. Certificate
           contents and CA are logged too.
           Pushing all logging onto a single line simplifies log analysis as it is
           no longer necessary to relate information scattered across multiple log
           entries. "I like it" markus@
      - djm@cvs.openbsd.org 2013/05/17 00:13:13 · a627d42e
      Darren Tucker authored
           [xmalloc.h cipher.c sftp-glob.c ssh-keyscan.c ssh.c sftp-common.c
           ssh-ecdsa.c auth2-chall.c compat.c readconf.c kexgexs.c monitor.c
           gss-genr.c cipher-3des1.c kex.c monitor_wrap.c ssh-pkcs11-client.c
           auth-options.c rsa.c auth2-pubkey.c sftp.c hostfile.c auth2.c
           servconf.c auth.c authfile.c xmalloc.c uuencode.c sftp-client.c
           auth2-gss.c sftp-server.c bufaux.c mac.c session.c jpake.c kexgexc.c
           sshconnect.c auth-chall.c auth2-passwd.c sshconnect1.c buffer.c
           kexecdhs.c kexdhs.c ssh-rsa.c auth1.c ssh-pkcs11.c auth2-kbdint.c
           kexdhc.c sshd.c umac.c ssh-dss.c auth2-jpake.c bufbn.c clientloop.c
           monitor_mm.c scp.c roaming_client.c serverloop.c key.c auth-rsa.c
           ssh-pkcs11-helper.c ssh-keysign.c ssh-keygen.c match.c channels.c
           sshconnect2.c addrmatch.c mux.c canohost.c kexecdhc.c schnorr.c
           ssh-add.c misc.c auth2-hostbased.c ssh-agent.c bufec.c groupaccess.c
           dns.c packet.c readpass.c authfd.c moduli.c]
           bye, bye xfree(); ok markus@
  21. 23 Apr, 2013 1 commit
  22. 02 Dec, 2012 1 commit
      - djm@cvs.openbsd.org 2012/12/02 20:34:10 · 15b05cfa
      Damien Miller authored
           [auth.c auth.h auth1.c auth2-chall.c auth2-gss.c auth2-jpake.c auth2.c]
           [monitor.c monitor.h]
           Fixes logging of partial authentication when privsep is enabled
           Previously, we recorded "Failed xxx" since we reset authenticated before
           calling auth_log() in auth2.c. This adds an explicit "Partial" state.
           Add a "submethod" to auth_log() to report which submethod is used
           for keyboard-interactive.
           Fix multiple authentication when one of the methods is
           ok markus@
  23. 04 Nov, 2012 1 commit
      - djm@cvs.openbsd.org 2012/11/04 11:09:15 · a6e3f01d
      Damien Miller authored
           [auth.h auth1.c auth2.c monitor.c servconf.c servconf.h sshd.c]
           Support multiple required authentication via an AuthenticationMethods
           option. This option lists one or more comma-separated lists of
           authentication method names. Successful completion of all the methods in
           any list is required for authentication to complete;
           feedback and ok markus@
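The AuthenticationMethods semantics described in this commit (several space-separated lists, each a comma-separated sequence of method names; the login completes once every method in any one list has succeeded) can be checked with a small evaluator. The code below is an added illustration, not OpenSSH's own parser: it ignores the ordering constraint sshd applies within a list, does not implement the `any` keyword, and takes the set of already-completed methods as a plain string array.

```c
#include <stdio.h>
#include <string.h>

/* Added example, not OpenSSH code. An AuthenticationMethods value such as
 * "publickey,password publickey,keyboard-interactive" holds lists separated by
 * whitespace; each list is a comma-separated group of method names. */

/* Does the completed-methods array contain the name [m, m+mlen)? */
static int completed_has(const char *const *done, int ndone,
                         const char *m, size_t mlen)
{
    for (int i = 0; i < ndone; i++)
        if (strlen(done[i]) == mlen && memcmp(done[i], m, mlen) == 0)
            return 1;
    return 0;
}

/* Returns 1 when every method in the comma-separated list [p, end) has been
 * completed; 0 otherwise. An empty method name (e.g. a trailing comma) is
 * treated as malformed and the list is never considered satisfied. */
static int list_satisfied(const char *p, const char *end,
                          const char *const *done, int ndone)
{
    for (;;) {
        const char *comma = memchr(p, ',', (size_t)(end - p));
        const char *mend = comma ? comma : end;
        if (mend == p)
            return 0;                               /* empty method name */
        if (!completed_has(done, ndone, p, (size_t)(mend - p)))
            return 0;                               /* still missing one */
        if (comma == NULL)
            return 1;                               /* whole list done */
        p = comma + 1;
    }
}

/* Returns 1 if some list in spec is fully satisfied by the completed methods,
 * 0 if none is, and -1 if spec contains no lists at all. */
int auth_methods_satisfied(const char *spec, const char *const *done, int ndone)
{
    int nlists = 0;
    const char *p = spec;
    while (*p != '\0') {
        while (*p == ' ' || *p == '\t')
            p++;                                    /* skip list separators */
        if (*p == '\0')
            break;
        const char *end = p;
        while (*end != '\0' && *end != ' ' && *end != '\t')
            end++;
        nlists++;
        if (list_satisfied(p, end, done, ndone))
            return 1;
        p = end;
    }
    return nlists ? 0 : -1;
}

int main(void)
{
    /* constructed sample: two lists, client has finished publickey only */
    const char *spec = "publickey,password publickey,keyboard-interactive";
    const char *const done1[] = { "publickey" };
    const char *const done2[] = { "publickey", "password" };
    printf("after publickey only   : %d\n", auth_methods_satisfied(spec, done1, 1));
    printf("after publickey+password: %d\n", auth_methods_satisfied(spec, done2, 2));
    return 0;
}
```

Because a list is only satisfied when every name in it is present, a partially completed client (the "Partial" state logged by the later commit) is reported as 0, and a malformed list with an empty member can never unlock access.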
  24. 18 Dec, 2011 1 commit
  25. 05 May, 2011 1 commit
      - OpenBSD CVS Sync · 3fcdfd55
      Damien Miller authored
         - djm@cvs.openbsd.org 2011/03/10 02:52:57
           [auth2-gss.c auth2.c]
           allow GSSAPI authentication to detect when a server-side failure causes
           authentication failure and don't count such failures against MaxAuthTries;
           bz#1244 from simon AT sxw.org.uk; ok markus@ before lock
  26. 31 Aug, 2010 1 commit
      - djm@cvs.openbsd.org 2010/08/31 09:58:37 · da108ece
      Damien Miller authored
           [auth-options.c auth1.c auth2.c bufaux.c buffer.h kex.c key.c packet.c]
           [packet.h ssh-dss.c ssh-rsa.c]
           Add buffer_get_cstring() and related functions that verify that the
           string extracted from the buffer contains no embedded \0 characters*
           This prevents random (possibly malicious) crap from being appended to
           strings where it would not be noticed if the string is used with
           a string(3) function.
           Use the new API in a few sensitive places.
           * actually, we allow a single one at the end of the string for now because
           we don't know how many deployed implementations get this wrong, but don't
           count on this to remain indefinitely.
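The hazard this commit closes is that a protocol string copied out with `strdup()` silently ends at the first NUL byte, so any bytes after it are never seen by code that later acts on the string. The following added example is not OpenSSH's `buffer_get_cstring()`; it is a stand-alone re-implementation of the same policy over an SSH wire string (4-byte big-endian length followed by the bytes): embedded NUL bytes are rejected, and, as the commit's footnote describes, a single NUL in the last position is tolerated and stripped. The `put_string()` helper and the `naive_len()` comparison are constructed for the demonstration.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example, not OpenSSH code. Extract a wire string starting at *offp as a
 * freshly malloc'd C string; returns NULL if the field is truncated or contains
 * an embedded NUL. Exactly one NUL at the very end is dropped, not rejected.
 * On success *offp is advanced past the whole field. */
char *get_cstring(const uint8_t *buf, size_t buflen, size_t *offp)
{
    size_t off = *offp;
    if (off > buflen || buflen - off < 4)
        return NULL;                                   /* no length field */
    uint32_t len = ((uint32_t)buf[off] << 24) | ((uint32_t)buf[off + 1] << 16) |
                   ((uint32_t)buf[off + 2] << 8) | (uint32_t)buf[off + 3];
    off += 4;
    if (len > buflen - off)
        return NULL;                                   /* length exceeds data */
    const uint8_t *s = buf + off;
    uint32_t copylen = len;
    for (uint32_t i = 0; i < len; i++) {
        if (s[i] != '\0')
            continue;
        if (i + 1 == len) {                            /* single trailing NUL */
            copylen = len - 1;
            break;
        }
        return NULL;                                   /* embedded NUL: reject */
    }
    char *out = malloc((size_t)copylen + 1);
    if (out == NULL)
        return NULL;
    memcpy(out, s, copylen);
    out[copylen] = '\0';
    *offp = off + len;                                 /* consume full field */
    return out;
}

/* Constructed helper: serialise a payload (at most 60 bytes) into wire form. */
static size_t put_string(uint8_t *dst, const char *p, size_t plen)
{
    dst[0] = (uint8_t)(plen >> 24); dst[1] = (uint8_t)(plen >> 16);
    dst[2] = (uint8_t)(plen >> 8);  dst[3] = (uint8_t)plen;
    memcpy(dst + 4, p, plen);
    return plen + 4;
}

/* Checked path: length of the extracted string, or -1 when rejected. */
int extracted_len(const char *payload, size_t plen)
{
    uint8_t wire[64];
    size_t off = 0;
    size_t n = put_string(wire, payload, plen);
    char *s = get_cstring(wire, n, &off);
    if (s == NULL)
        return -1;
    int r = (int)strlen(s);
    free(s);
    return r;
}

/* The idiom the commit replaced: strdup() of the raw bytes stops at the first
 * NUL, so "admin\0evil" quietly becomes "admin" and the tail goes unnoticed. */
int naive_len(const char *payload, size_t plen)
{
    char tmp[64];
    memcpy(tmp, payload, plen);
    tmp[plen] = '\0';
    char *s = strdup(tmp);
    int r = (int)strlen(s);
    free(s);
    return r;
}

int main(void)
{
    /* constructed sample: a username with bytes hidden behind an embedded NUL */
    printf("checked: %d\n", extracted_len("admin\0evil", 10));   /* -1: rejected */
    printf("naive  : %d\n", naive_len("admin\0evil", 10));       /* 5: truncated */
    return 0;
}
```

The length check `len > buflen - off` is done after `off` has been advanced past the length field, so a 32-bit length that exceeds the remaining buffer is rejected before any byte of the payload is read.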
  27. 22 Jun, 2009 1 commit
      - dtucker@cvs.openbsd.org 2009/06/22 05:39:28 · 821d3dbe
      Darren Tucker authored
           [monitor_wrap.c monitor_mm.c ssh-keygen.c auth2.c gss-genr.c sftp-client.c]
           alphabetize includes; reduces diff vs portable and style(9).
           ok stevesk djm
           (Id sync only; these were already in order in -portable)
  28. 21 Jun, 2009 1 commit
  29. 05 Nov, 2008 1 commit
      - djm@cvs.openbsd.org 2008/11/04 08:22:13 · 01ed2272
      Damien Miller authored
           [auth.h auth2.c monitor.c monitor.h monitor_wrap.c monitor_wrap.h]
           [readconf.c readconf.h servconf.c servconf.h ssh2.h ssh_config.5]
           [sshconnect2.c sshd_config.5 jpake.c jpake.h schnorr.c auth2-jpake.c]
           Add support for an experimental zero-knowledge password authentication
           method using the J-PAKE protocol described in F. Hao, P. Ryan,
           "Password Authenticated Key Exchange by Juggling", 16th Workshop on
           Security Protocols, Cambridge, April 2008.
           This method allows password-based authentication without exposing
           the password to the server. Instead, the client and server exchange
           cryptographic proofs to demonstrate knowledge of the password while
           revealing nothing useful to an attacker or compromised endpoint.
           This is experimental, work-in-progress code and is presently
           compile-time disabled (turn on -DJPAKE in Makefile.inc).
           "just commit it.  It isn't too intrusive." deraadt@
  30. 04 Jul, 2008 2 commits
  31. 02 Jul, 2008 1 commit
      - djm@cvs.openbsd.org 2008/07/02 12:36:39 · 4230a5dc
      Darren Tucker authored
           [auth2-none.c auth2.c]
           Make protocol 2 MaxAuthTries behaviour a little more sensible:
           Check whether client has exceeded MaxAuthTries before running
           an authentication method and skip it if they have, previously it
           would always allow one try (for "none" auth).
           Preincrement failure count before post-auth test - previously this
           checked and postincremented, also to allow one "none" try.
           Together, these two changes always count the "none" auth method
           which could be skipped by a malicious client (e.g. an SSH worm)
           to get an extra attempt at a real auth method. They also make
           MaxAuthTries=0 a useful way to block users entirely (esp. in a
           sshd_config Match block).
           Also, move sending of any preauth banner from "none" auth method
           to the first call to input_userauth_request(), so worms that skip
           the "none" method get to see it too.
  32. 26 Oct, 2007 1 commit
  33. 20 May, 2007 1 commit